Active Directory Authentication

In this type of authentication mechanism, a user account is authenticated against an external Active Directory server.

Accounts with this type of authentication are also known as external accounts.

Note

An AD user counts toward the FileCloud license only when:

  • The user account logs into FileCloud, or
  • The user is explicitly imported from AD

Prerequisites

Required: Active Directory service
  Configuration requirement: Must be accessible from FileCloud.
  Notes: The IP address and port must be reachable.

Required: Active Directory
  Configuration requirement: Must support the simple authentication method.
  Notes: Must use simple bind authentication, either anonymously or with a username and password.

Required: Active Directory users
  Configuration requirement: Must have an email attribute, and the FileCloud username must match the AD user login name.
  Notes: Important: The FileCloud username cannot be changed.
  Beginning in FileCloud 21.2, the AD Account Name used in Active Directory settings must have an email ID in Active Directory.
  The email address is saved in the user's FileCloud profile. During login, validation requires the FileCloud email address and the AD email address to match; a later change to the email address in AD or in FileCloud will cause login to fail.

Required: FileCloud Server
  Configuration requirement: Version must be 4.0 or later.


How To Enable AD Authentication


To enable AD authentication in FileCloud:

  1. Log into the FileCloud Administration Portal.

  2. Click on Settings in the left navigation panel.

  3. Click on the Authentication tab.

  4. Under Authentication Settings, change the Authentication Type to "ACTIVEDIRECTORY" using the dropdown box. This enables the "Active Directory Settings" group.

  5. Enter the required information in the settings under Active Directory Settings (see the AD configuration parameters below) and then click Save.
    Note: The changed parameters must be saved before performing an AD test.

To connect FileCloud with your AD environment, enter the correct connection parameters.

AD Host - Required. The IP address or host name of the AD server.

AD Port - Required. Enter 389 for non-SSL, or 636 for SSL.

Use TLS - Optional. Enable this checkbox if your AD server requires clients to use TLS to connect.

Use SSL - Optional. Enable this checkbox if your AD server requires clients to use SSL to connect.
NOTE: Additional configuration is required; see Connecting to AD via SSL under AD Options below.

Users have the same UPN Account Suffixes
All of your AD users should have the same UPN suffix or the same logon name prefix.

  • If your users have the same UPN suffix:
    Enable this checkbox and enter the suffix in the next field, AD Account Suffix.
  • Otherwise:
    Disable the checkbox. The next field changes to AD Logon Name Prefix, as in the following screenshot. Set AD Logon Name Prefix (a trailing '\' is not required). See Mixed AD Authentication support.

To find the AD Logon Name Prefix and the AD Account Suffix, refer to:


AD Account Suffix
The UPN suffix for your domain: in the user's Properties dialog shown above, it is the value in the dropdown next to User logon name (the part of the user principal name after the @).

Instead of viewing the properties as shown above, you can get the account suffix by running the following query at the command line on the AD server; the suffix is the part of the returned userPrincipalName after the @:

dsquery * <FULLY QUALIFIED NAME> -scope base -attr sAMAccountName userPrincipalName

AD Base DN - Required. Do not enter the value with quotes.
The Base DN for your domain. It is located in the extended attributes in the Active Directory Users and Computers MMC:

You can also get the Base DN by running the following query at the command line on the AD server; the DC= components of the distinguished name it returns form the Base DN.

dsquery user -name <LOGON NAME>


Mail Attribute - Required. FileCloud requires each user account to have an associated email ID. Typically the name of this attribute in AD is mail. If a user account has no mail attribute, login to FileCloud will fail. If a mail attribute is present and login still fails, check the Base DN to ensure it is accurate and entered without quotes.

Limit Login to AD Group - Optional. To limit login to specific users, add them to an AD group and enter the group name here. (Typically this is left blank.) If you set this field, ensure that the account specified in AD Account Name is a member of that AD group.

AD Account Name - Required. A valid account name is required here so that FileCloud can query the AD server. This can be any account that can access the AD server; it is the User logon name shown in the Properties screenshot above.
Notes: Enter the username, not the email ID, in this field. This account must have an email address set in AD.

AD Account Password - The password for the account entered in AD Account Name.

Disable Anonymous Binding - Optional. Enable this checkbox if your AD does not allow anonymous binding. Enabling it activates the AD Service Account Name and AD Service Account Password text boxes.

AD Service Account Name - Optional. The service account name to use to bind with the AD server.

AD Service Account Password - Optional. The service account password to use to bind with the AD server.


To connect to Active Directory over SSL, follow the steps under Connecting to AD via SSL in the AD Options below.

Make sure the settings are SAVED before running the AD tests to verify connectivity.

Once all data is entered and saved, test the AD settings: at the top of the Active Directory settings, click the AD Test button.

A Test AD Configuration dialog box opens:

The following tests can be done.

  1. Validate AD settings
    1. Click the Validate AD Settings button to perform basic connectivity tests with the AD server.
      You should receive a successful response.
      If the tests fail, check your AD settings to ensure all the data is present and accurate.
  2. List Groups
    1. Once the AD settings are validated, click List Groups to view the list of groups read from the server.
      You should see a list similar to the one in the screenshot.
  3. Get Group Members
    1. Click List Groups, then select a group and click Select.
      The group name appears in the Test AD Configuration dialog box.
      (You can also type the group name directly into the text box instead of selecting it from the AD Group List popup.)
    2. Click Get Group Members.
      The AD Members List should list the correct members of the group.
      Note: The group members are NOT automatically added to FileCloud.
  4. Verify User Access
    1. Enter a specific user name and password and click Test Login to make sure the user can log in to AD.
      If login fails, check that the user's UPN suffix or logon name prefix in AD matches the AD Account Suffix or AD Logon Name Prefix entered in the FileCloud admin portal.
    2. Enter a specific user name and password and click Get Email ID.
      This should return the correct email address for the user account from AD. If a valid email address is not returned, FileCloud cannot import the user account; check that an email address is set for the user on the AD server.
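
As an added pre-flight check (not FileCloud's own code) for the prerequisites and the Active Directory settings above, the following PowerShell prints the Base DN, UPN suffix and logon name prefix the settings form asks for and flags the conditions under which the AD Test's Test Login or Get Email ID would fail: an AD Account Name that does not exist or has no email address, and, when Limit Login to AD Group is set, an account that is not a member or group members that lack a mail attribute. It assumes a domain-joined Windows host with the RSAT ActiveDirectory module; the values in $Settings are constructed placeholders.

```powershell
# Added pre-flight check (not FileCloud code) for the AD prerequisites and
# settings above. Requires the RSAT ActiveDirectory module on a domain-joined
# host. $Settings holds constructed placeholder values; replace them with yours.
Import-Module ActiveDirectory

$Settings = @{
    AdAccountName   = 'filecloud-svc'     # sAMAccountName entered in AD Account Name
    LimitLoginGroup = 'FileCloud Users'   # '' if Limit Login to AD Group is left blank
    MailAttribute   = 'mail'              # the Mail Attribute setting (usually "mail")
}

# Values the Active Directory Settings form asks for, read from the domain itself.
$domain = Get-ADDomain
Write-Host "AD Base DN           : $($domain.DistinguishedName)"   # enter without quotes
Write-Host "AD Account Suffix    : @$($domain.DNSRoot)"            # default UPN suffix
Write-Host "AD Logon Name Prefix : $($domain.NetBIOSName)"         # no trailing backslash

$problems = @()

# 1. The AD Account Name must exist and, since FileCloud 21.2, have an email address.
try { $svc = Get-ADUser -Identity $Settings.AdAccountName -Properties $Settings.MailAttribute }
catch { $svc = $null }
if (-not $svc) {
    $problems += "AD Account Name '$($Settings.AdAccountName)' was not found"
} elseif (-not $svc.($Settings.MailAttribute)) {
    $problems += "AD Account Name '$($Settings.AdAccountName)' has no $($Settings.MailAttribute) attribute"
}

# 2. With Limit Login to AD Group set, the AD Account Name must be a member of the
#    group, and every member needs a mail attribute or that user's login will fail.
if ($Settings.LimitLoginGroup) {
    $members = Get-ADGroupMember -Identity $Settings.LimitLoginGroup -Recursive |
               Where-Object { $_.objectClass -eq 'user' }
    if ($svc -and ($members.SamAccountName -notcontains $svc.SamAccountName)) {
        $problems += "AD Account Name is not a member of '$($Settings.LimitLoginGroup)'"
    }
    foreach ($m in $members) {
        $u = Get-ADUser -Identity $m.DistinguishedName -Properties $Settings.MailAttribute
        if (-not $u.($Settings.MailAttribute)) {
            $problems += "User '$($u.SamAccountName)' has no email address; FileCloud login will fail"
        }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'All FileCloud AD prerequisites are satisfied.' }
```

Run it with the same AD Account Name and group you intend to enter in FileCloud; any warning it prints corresponds to a login or import failure you would otherwise discover only through the AD Test dialog.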

AD Options

Authenticating to Multiple AD servers
Connecting to AD via SSL
Mixed AD Domain Environments
Migrate Data from a Changed User Account Name

More Information:

  • Video: Active Directory Settings
  • FileCloud Blogs: Import Users to AD via PowerShell